97edea8bc010bdce4a0d3a732e16bf1390fcfeba1845f87610927eeda2a4d5f6

Sharing

Copy URL

Twitter E-mail

General

Target

Byte-Stealer-1.3.1.zip
Size

733KB
Sample

240410-aq3xjaed4x
MD5

0904c967075086e1879eaf3c4fb88579
SHA1

d61c3717644820c986c9f268377db1044e0da655
SHA256

97edea8bc010bdce4a0d3a732e16bf1390fcfeba1845f87610927eeda2a4d5f6
SHA512

6e65c9babc221f0c1acaaf031e2918efa07c7956d4ba9e4265f1cfe4273d04dbadc2718be4a82991b3a67fcb65e8ecf1e758b7efb77d4a8878908357b8741a12
SSDEEP

12288:bq5h5MLhMKYc4QPgxMrmoTY2iP6tLCc30gIP5C9UEtld8oz9OcBHcWYARQUx2Oje:bYh5M1MKYDxMSoTY2iP6zkR5C1TzccBg

Score

8^/10

discovery persistence

Malware Config

Targets

- Target
  
  Byte-Stealer-1.3.1.zip
- Size
  
  733KB
- MD5
  
  0904c967075086e1879eaf3c4fb88579
- SHA1
  
  d61c3717644820c986c9f268377db1044e0da655
- SHA256
  
  97edea8bc010bdce4a0d3a732e16bf1390fcfeba1845f87610927eeda2a4d5f6
- SHA512
  
  6e65c9babc221f0c1acaaf031e2918efa07c7956d4ba9e4265f1cfe4273d04dbadc2718be4a82991b3a67fcb65e8ecf1e758b7efb77d4a8878908357b8741a12
- SSDEEP
  
  12288:bq5h5MLhMKYc4QPgxMrmoTY2iP6tLCc30gIP5C9UEtld8oz9OcBHcWYARQUx2Oje:bYh5M1MKYDxMSoTY2iP6zkR5C1TzccBg
Score

1^/10
behavioral1
- Target
  
  Byte-Stealer-1.3.1/ConfigLogger.bat
- Size
  
  49B
- MD5
  
  aa02d6b4fff3cb9849ae186a8a8ad459
- SHA1
  
  94404f3a23b40a3d109eec3c618f9692ee958332
- SHA256
  
  6a8a26ee42a1a68e84e4a0b48f4599164eff8bda7894f2c832337c6af9b4bf2d
- SHA512
  
  aef4267a4c083abec885856664b450cf3a3dba5849be1729894fa6844877cd9cfc1881942346bc8540c17848d1e66ba3d708b5ec0df73cd9ff9c854af6913654
Score

1^/10
behavioral2
- Target
  
  Byte-Stealer-1.3.1/Download-Python3.9.12.bat
- Size
  
  844B
- MD5
  
  47ff83c78d42f7ec63083fbf14b080e4
- SHA1
  
  c2ac71285ecc16ed70d346446191ae51c62165a0
- SHA256
  
  8c14ea790560c385b899d34d696223c342706b843ab66a7bae4fe937a2016d00
- SHA512
  
  9ae424dbc55b9a3d2227e913f8a232d4d48aba13d71c9aea1aee9e187bcfe28bb7b89ff4f26b9a42115bcface13a6f8b9a89733d1d47e81682bc879b7891527c
Score

8^/10

discovery persistence
- Blocklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
  persistence
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral3
- Target
  
  Byte-Stealer-1.3.1/Install-Packages.bat
- Size
  
  900B
- MD5
  
  e70436052ff0adaae55a1bab722856df
- SHA1
  
  eec52b61f852f6f15d3c65200d55576146f19ab8
- SHA256
  
  f73cb6b9cb6585c8838bb7a2ccb29d9dd148274a8f3ceaa1848576b91898a43d
- SHA512
  
  62c5782ceb834cea2cd5b32668099a01b33c2df014a218702e09888bfa1e5c1f00db7fd6bafde853dda8a79eb88a69eec6244b125f47a43d47a378f40d0f3185
Score

1^/10
behavioral4
- Target
  
  Byte-Stealer-1.3.1/Logger.py
- Size
  
  32KB
- MD5
  
  2c6958c6eae0d304d6e0c6589d994aea
- SHA1
  
  c9d402a572fe0efeef6788c9769111cd097b4adc
- SHA256
  
  9ec46a55c9cf3dd5cbb4b720c8880261dc79c62f61e5e9c328a846b27b07a012
- SHA512
  
  e6e642936e2d5fb73fb834c0e71ef5b889e559f6b3c91e55acf1b3f4c3eb5eff2b2273c34c089f6affb44b3d65dd2388d0b6ba3d6a6ced0d6fe5056462e20ea4
- SSDEEP
  
  768:QX71PbuTtaT0ijW9cN4bUzPkMYKSyNovBsAALPdUWlU:Qr1P2ijW9cSbUQhKSy7AALlUJ
Score

3^/10
behavioral5
- Target
  
  Byte-Stealer-1.3.1/README.md
- Size
  
  2KB
- MD5
  
  3607f5ad6aa679310426c22fb72246a6
- SHA1
  
  2b6c8a5f81fc68b9657f816412296c635d05b32c
- SHA256
  
  6cd4fe9983c68dc97f026f3ce5e7315a581e8db2adc2b517b45f8cc7f9933e7d
- SHA512
  
  d7a561084e1fa377b249373e3b72213a498d5edf5bce26e67ae5bb90c071c5fba1aff80ab3c25fab8a0bd6b1ec31899f40dbc715676a12b4d7630f80fe466238
Score

3^/10
behavioral6
- Target
  
  Byte-Stealer-1.3.1/ScriptConfig.py
- Size
  
  584B
- MD5
  
  67a08ba45445abc40ab9ce1a203b2092
- SHA1
  
  3a8545c5b886abca2f9575d5388ed930178e7e71
- SHA256
  
  dedf4a243bb12bc6b9b0e15305ffd5af0e5836d40e21e8642e248cc9536bf298
- SHA512
  
  e487f8c09b01b9b3beacf71e954d4c8f9c390797aab7eb524529c67e6c3891f4ed6daa43cf60c8282f7696214a0b93c13b54da2ae4e276a8cafc19bf9b5a5998
Score

3^/10
behavioral7
- Target
  
  Byte-Stealer-1.3.1/buildExe.bat
- Size
  
  485B
- MD5
  
  cf8fe53bb0caa1560661a15691814a4d
- SHA1
  
  bd434b814986605929630d7ab3cd35fc840f3623
- SHA256
  
  5c2266b0eb1735a2f1be564cb89e43f1a1df75add6c2195ef9ab38dffc64d34b
- SHA512
  
  102e2636a76a61c2e54c671327ecc79c79867be4b159362c6f7597940c2a75f377b834edc7baec16e511d8e41e947f2b8c494d2afade1b7ca3e1180d294a8966
Score

6^/10
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral8
- Target
  
  Byte-Stealer-1.3.1/discord-logger-help/Help.md
- Size
  
  1KB
- MD5
  
  5bb7502a05235d144d688e6c065cae0b
- SHA1
  
  1e79fce8ecb2aebcc03ac218fc9f8341d972756f
- SHA256
  
  6a65eab84773f6d4373bd13ec5c9155a9b7f014a93a0ad328d419fad5ead5c2f
- SHA512
  
  67d9d8243ac8a335d0de54545c1a06310968f14e27c5e04217a11d0b5f86e5d0c1f4b90c54e2f1958c03bb3765aef3e0a3a52b4a158aba0cbeb3a1bf706d7da2
Score

3^/10
behavioral9
- Target
  
  Byte-Stealer-1.3.1/img/BYTESTEAELRDSICORDPFP.png
- Size
  
  116KB
- MD5
  
  a9a0dd0c6c279424a0c1995051f9c4a4
- SHA1
  
  2cde3344345e3052b6b432b44338945d2344c39a
- SHA256
  
  fc4fde8b1bd1e7abecbdcd7cd7e3693e51d57d0db36440a86a729299d905c9f1
- SHA512
  
  5b15729f68dbee9ba6d4a9885f2ee3766d5956c0c895d61630f64f74a125ea0b3382754ee6f9885868a733aa839d60ce669fdcd4dcf900ea8ba323347c0315ed
- SSDEEP
  
  3072:mP1Ja35sM1LPphupDHarXz7J4c7XTxTjB5b3F:iDaTID6TzbXTL5R
Score

3^/10
behavioral10
- Target
  
  Byte-Stealer-1.3.1/img/SCREENIE1.png
- Size
  
  153KB
- MD5
  
  b49317418e6e48347db1bfe6d0c28622
- SHA1
  
  e1d55cf7bae39c80f79985a906e1ca2469eb8197
- SHA256
  
  4576e84b810884afc1b6d89b015f948aeb9a8c0e8506683736112c6c7d80d244
- SHA512
  
  8f71240e24e3dfb7b8e8f8c8f3bf53d2b1f66a9ea2dfb23f1dfd4d75a66357af8400d1f35e38f24835c9568bf7dcb8484129a32e80c2aaff8ab154d775033799
- SSDEEP
  
  3072:z/vyzNJqLxcsoFFcUnWOOxxlldFNAw3Cdi1MdeAK14vF+t5ED:bKfgFoe+w3Cdi1GHi8
Score

3^/10
behavioral11
- Target
  
  Byte-Stealer-1.3.1/img/SCREENIE2.png
- Size
  
  69KB
- MD5
  
  bba9e028a51bb2050923864582dbce88
- SHA1
  
  5ff4b9108a84dfc61f71bca51877cc37296c595a
- SHA256
  
  d4a208f8a87aad4cf9cd8b9db04b608759fac7e615032389dba320e211f3a873
- SHA512
  
  85e2f6eda674cf0c628d4368b6c5eed2ac42f344d4b69d053a7329482a5253b57b5439a6fa85a01961208237dbe3c3cafe78cbbf5e79d712a762ca57cfaaf982
- SSDEEP
  
  1536:ZHHbbPECTCHHHMesMQHHHWXS8/HskfLpYSPlBo3vYF+zke76AaR:1lsSDMKSfyvs+zf6AaR
Score

3^/10
behavioral12
- Target
  
  Byte-Stealer-1.3.1/img/SCREENIE3.png
- Size
  
  199KB
- MD5
  
  92e07dea5b317aceb2916255f9caa7f8
- SHA1
  
  6a76dff9dd8b38e919ba271b51cabf6190ac5954
- SHA256
  
  8d198c08ec00599950086a5b6a5209acfdd76630fc6c54f5fe22a7d357763e8d
- SHA512
  
  008eb343a83ffd17a3910331dfc398ff76e14f32a2ff708fdfc4fb14f16f62e09d7bbd231914402e9511de2e57ec37079c65e0d714f0791cb857644c2f9f08c5
- SSDEEP
  
  3072:j7r0QmKsmBqvJ0Bolc1NslyakTUKtcn4f6JOz0KCVtHguSx9esAM4lhlVlR9:vgQmJg2dIT7tc4CJxVtZ2YnMmljR9
Score

3^/10
behavioral13
- Target
  
  Byte-Stealer-1.3.1/img/SCREENIE4.png
- Size
  
  92KB
- MD5
  
  40b01c417283e6b4ed53a5473ca575e6
- SHA1
  
  0384790a6df643b90b385e500958790698b5151c
- SHA256
  
  4b1afbe83c0e3ce39b3c4b56ed5850acf73edaae17d254c50ace7cd84b65fdd8
- SHA512
  
  a18ed404832f504c90ff1b4298a961315731ecb37c71e126cc39ef5cba806c14961e525852383e2a35d60870ac4fd390a0bb64d064f710e1cdd3f656d0322e86
- SSDEEP
  
  1536:CZ0fGp33Q1wZbp7FSH516W3GU6GWglJI5xhkr38y6KefMbt1YIYGKmgRQTox2oy:CZTp3AotFSHz6xB3SJCIJefMHYbRQTo8
Score

3^/10
behavioral14
- Target
  
  Byte-Stealer-1.3.1/img/SCREENIE5.png
- Size
  
  15KB
- MD5
  
  db2dfd353947d5c97d1aa17882ed9fd4
- SHA1
  
  b3bb4790d3166f0fed284ba8527f6fb6c2e93322
- SHA256
  
  3dd6154a3120711e3cb632ceb024356ca851289d5839b6da9d91b3da59e70c8a
- SHA512
  
  7cc2da3185a6c52ab73e9640992bd9ca8a8bb48446432054d8f2379003bfcabaaa37ca5f4c43471dbca2c02672eb920a032c49a5dd70dc95f70efeeabdc34688
- SSDEEP
  
  192:wPrFxJpNT9DPn+oDiblvkYY5ORj4iwSExWIaT1srXEW07sreoYBHW+rjSEmjWfIf:Ux/fDfEdnY5KwSdRWEXQrQpWESWSHAyf
Score

3^/10
behavioral15
- Target
  
  Byte-Stealer-1.3.1/img/SCREENIE6.png
- Size
  
  32KB
- MD5
  
  c9bbd937f00f43652fff8e902873d1e4
- SHA1
  
  8ddd5f06842e6defe41b5d7d2bb720d3e3f4a61d
- SHA256
  
  757ed9d649120b2297ad9a58b8fa724bb9f9c9a0edb82d53375fca0a23cb6797
- SHA512
  
  bdef0a627f1c0ce7f1ee789c8b90ce72150dd60bac221483795edb089ffbb0b30ec92305e13f12e1e2e2fe681d3c4f0271d01060892434e69be1414d8e1474cc
- SSDEEP
  
  768:0v+EldNxJdv80OSApJlZ3uW6Iy3scgwgxcHhrJbnqGNgy+:0xfH8rSOR3dTJpwgCHd5qxz
Score

3^/10
behavioral16
- Target
  
  Byte-Stealer-1.3.1/img/VirusTotal.png
- Size
  
  61KB
- MD5
  
  cee67622ab9b849d5b213c7577b89fe3
- SHA1
  
  259bcdcfc1f654ba67a65e79c2ca4411104974da
- SHA256
  
  331572bef1236ee4d635ef9c68e8c565244e88e22312b393de5cfbaef09f3e71
- SHA512
  
  63084fca4c05f9ae4ac86759390423433e09b03218ac55419ae67c0190285d1024944f4a418f18b794061850e3deb3fa397f8fc686724c831171cb1d01901a9f
- SSDEEP
  
  1536:S1HpiQrrN+rJfY9AE+i0XlTkw3K24Aj9Qm9GRk:CJ1rN+CAK4r69A99GG
Score

3^/10
behavioral17

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Blocklisted process makes network request

Executes dropped EXE

Loads dropped DLL

Registers COM server for autorun

Adds Run key to start application

Checks installed software on the system

Enumerates connected drives

Legitimate hosting services abused for malware hosting/C2

Looks up external IP address via web service

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17